This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
dido:public:ra:xapend:xapend.b_stds:defact:bitcoin:bips:bip_0143 [2020/05/07 15:35] nick ↷ Page moved from dido:public:apdx.stds:defact:bitcoin:bips:bip_0143 to dido:public:xapend.stds:defact:bitcoin:bips:bip_0143 |
dido:public:ra:xapend:xapend.b_stds:defact:bitcoin:bips:bip_0143 [2021/08/13 16:09] (current) murphy |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ======== BIP 0143 - Transaction Signature Verification for Version 0 Witness Program (soft fork) ======== | + | ==== BIP 0143 - Transaction Signature Verification for Version 0 Witness Program (soft fork) ==== |
| - | [[dido:public:apdx.stds:defact:bitcoin| return to the Bitcoin Standards ]] | + | [[dido:public:ra:xapend:xapend.b_stds:defact:bitcoin:bips| return to the Bitcoin Improvement Proposals ]] |
| <table> | <table> | ||
| Line 9: | Line 9: | ||
| | Comments-Summary | No comments yet. | | | Comments-Summary | No comments yet. | | ||
| | Comments-URI | [[https://github.com/bitcoin/bips/wiki/Comments:BIP-0143]] | | | Comments-URI | [[https://github.com/bitcoin/bips/wiki/Comments:BIP-0143]] | | ||
| - | | Staus | Final | | + | | Status | Final | |
| | Type | Standards Track | | | Type | Standards Track | | ||
| | Created | 2016-01-03 | | | Created | 2016-01-03 | | ||
| Line 17: | Line 17: | ||
| </table> | </table> | ||
| - | : **Note**: The following is an excerpt from the official Bitcoin site. It is provided here as a connivence and is not authoritative. Refer to the original document(s) as the authoritative reference. | + | : **Note**: The following is an excerpt from the official [[dido:public:ra:xapend:xapend.a_glossary:b:bitcoin|Bitcoin]] site. It is provided here as a convenience and is not authoritative. Refer to the original document(s) as the authoritative reference. |
| - | ====== Abstract ====== | + | === Abstract === |
| - | : //This proposal defines a new transaction digest algorithm for signature verification in version 0 witness program, in order to minimize redundant data hashing in verification, and to cover the input value by the signature.// | + | //This proposal defines a new transaction digest algorithm for signature verification in version 0 witness program, in order to minimize redundant data hashing in verification, and to cover the input value by the signature.// |
| - | ====== Motivation ====== | + | === Motivation === |
| - | : //There are 4 ECDSA signature verification codes in the original Bitcoin script system: CHECKSIG, CHECKSIGVERIFY, CHECKMULTISIG, CHECKMULTISIGVERIFY (“sigops”). According to the sighash type (ALL, NONE, SINGLE, ANYONECANPAY), a transaction digest is generated with a double SHA256 of a serialized subset of the transaction, and the signature is verified against this digest with a given public key. The detailed procedure is described in a Bitcoin Wiki article. ((https://en.bitcoin.it/wiki/OP_CHECKSIG | + | //There are 4 ECDSA signature verification codes in the original Bitcoin script system: CHECKSIG, CHECKSIGVERIFY, CHECKMULTISIG, CHECKMULTISIGVERIFY (“sigops”). According to the sighash type (ALL, NONE, SINGLE, ANYONECANPAY), a transaction digest is generated with a double SHA256 of a serialized subset of the transaction, and the signature is verified against this digest with a given [[dido:public:ra:xapend:xapend.a_glossary:p:public_key|public key]]. The detailed procedure is described in a Bitcoin Wiki article. ((https://en.bitcoin.it/wiki/OP_CHECKSIG |
| ))// | ))// | ||
| - | : //Unfortunately, there are at least 2 weaknesses in the original SignatureHash transaction digest algorithm:// | + | //Unfortunately, there are at least 2 weaknesses in the original SignatureHash transaction digest algorithm:// |
| * //For the verification of each signature, the amount of data hashing is proportional to the size of the transaction. Therefore, data hashing grows in O(n2) as the number of sigops in a transaction increases. While a 1 MB block would normally take 2 seconds to verify with an average computer in 2015, a 1MB transaction with 5569 sigops may take 25 seconds to verify. This could be fixed by optimizing the digest algorithm by introducing some reusable “midstate”, so the time complexity becomes O(n).(( | * //For the verification of each signature, the amount of data hashing is proportional to the size of the transaction. Therefore, data hashing grows in O(n2) as the number of sigops in a transaction increases. While a 1 MB block would normally take 2 seconds to verify with an average computer in 2015, a 1MB transaction with 5569 sigops may take 25 seconds to verify. This could be fixed by optimizing the digest algorithm by introducing some reusable “midstate”, so the time complexity becomes O(n).(( | ||
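Review bot: the unchanged bullet at the end of this hunk still reads "O(n2)", which has lost its superscript; the sentence is describing quadratic growth in hashed data as sigops increase, so it should be written `O(n<sup>2</sup>)` to contrast correctly with the "O(n)" later in the same bullet. Since this revision is already fixing typos in the surrounding lines ("connivence" to "convenience"), it would be worth correcting here too. Separately, the reworded note still tells readers to refer to the original document(s) without linking to them, and the footnote whose opening "((" ends this bullet closes outside the visible lines, so check that it still pairs with its "))" now that the leading ": " indents are gone.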
| Line 39: | Line 39: | ||
| ))// | ))// | ||
| - | : //Deploying the aforementioned fixes in the original script system is not a simple task. That would be either a hardfork, or a softfork for new sigops without the ability to remove or insert stack items. However, the introduction of segregated witness softfork offers an opportunity to define a different set of script semantics without disrupting the original system, as the unupgraded nodes would always consider such a transaction output is spendable by arbitrary signature or no signature at all.(( | + | //Deploying the aforementioned fixes in the original script system is not a simple task. That would be either a hardfork, or a softfork for new sigops without the ability to remove or insert stack items. However, the introduction of segregated witness softfork offers an opportunity to define a different set of script semantics without disrupting the original system, as the unupgraded nodes would always consider such a transaction output is spendable by arbitrary signature or no signature at all.(( |
| BIP141: Segregated Witness (Consensus layer), [[https://github.com/bitcoin/bips/blob/master/bip-0141.mediawiki]] | BIP141: Segregated Witness (Consensus layer), [[https://github.com/bitcoin/bips/blob/master/bip-0141.mediawiki]] | ||
| ))// | ))// | ||